Vulnerability Name:

CVE-2009-0164 (CCN-49942)

Assigned: 2009-04-16
Published: 2009-04-16
Updated: 2018-10-11
Summary: The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: Gentoo Bugzilla Bug 263070
< net-print/cups-1.3.10 Multiple vulnerabilities (CVE-2009-{0163, 0164})

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=263070

Source: CCN
Type: CUPS Web site
STR #3118: CUPS may be vulnerable to DNS rebinding attacks

Source: MITRE
Type: CNA
CVE-2009-0164

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-05-12

Source: CCN
Type: SA34481
CUPS Multiple Vulnerabilities

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35074

Source: GENTOO
Type: UNKNOWN
GLSA-200904-20

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-002 / Mac OS X v10.5.7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3549

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2009-0061

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.cups.org/articles.php?L582

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.cups.org/str.php?L3118

Source: CCN
Type: GLSA-200904-20
CUPS: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 54461
CUPS Web Interface HTTP Host Header Validation Weakness

Source: BUGTRAQ
Type: UNKNOWN
20090417 rPSA-2009-0061-1 cups

Source: BID
Type: UNKNOWN
34665

Source: CCN
Type: BID-34665
CUPS Insufficient 'Host' Header Validation Weakness

Source: CERT
Type: US Government Resource
TA09-133A

Source: VUPEN
Type: UNKNOWN
ADV-2009-1297

Source: CCN
Type: Red Hat Bugzilla Bug 490597
CVE-2009-0164 cups: insufficient checking of the HTTP Host: header

Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=490597

Source: XF
Type: UNKNOWN
cups-host-security-bypass(49942)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apple:cups:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:b2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:*:*:*:*:*:*:*:* (Version <= 1.3.9)

Configuration CCN 1:
  • cpe:/a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable